How to Prepare for a Healthcare Cyber Attack

information securityFrom networked medical devices to electronic medical records to wireless connectivity inside hospital waiting rooms, the healthcare industry has definitively gone digital. But with these digital advances comes substantial risk if healthcare organizations don’t secure data where it’s stored.

recent report from the Health Information Trust Alliance says many healthcare organizations lack the tools they need to be aware of and repel healthcare cyber attacks. According to the Alliance, "today’s approach to cybersecurity is predominantly reactive and, for the vast majority of organizations, inefficient and labor-intensive."

With stolen medical records, criminals can commit identity theft, run online scams or obtain medical services and prescriptions illegally. But criminals don’t have to get the last laugh. Healthcare organizations can protect themselves before cyber attacks happen by following the proactive tips below.

Assign responsibility
Create a management structure to oversee an organization’s security and take measures to avert cyberattacks. This should include members of the IT team, as well as upper management in both IT and marketing/public relations, in the event of a crisis. While the IT team will actually carry out the day-to-day work, team members should have a specific individual to whom they can report their progress, or alert regarding any breaches.

Plan ahead
To lessen the risk of a healthcare cyber attack, develop a comprehensive risk management plan. The plan should utilize industry standards and best practices to assess threats from unauthorized access or a disruption of an organization’s information system. Establish the scope of coverage, responsibilities and compliance criteria.

Remain vigilant
The plan should include routine security risk assessments, which will yield a better understanding of the risks posed to any health information and personal data. The steps of the risk assessment:

  • Assess vulnerabilities of an IT system and data architecture, looking for flaws in software and hardware.
  • Purchase software that analyzes potential threats and hones in on the few that are the most dangerous.
  • Establish reliable sources of industry intelligence and industry indicators of compromise.
  • Keep up with available education material that can help in communicating with colleagues, members and patients about potential risks and security steps they can take.

Cyber security is not to be taken lightly. For more information on establishing or upgrading security, visit the HIT Trust Alliance and the federal government health IT providers page.